Cross-Site Request Forgery (CSRF) in erudika/scoold

Valid

Reported on Dec 22nd 2021


Description

Hi there, I would like to report a CSRF vulnerability in erudika/scoold. This allows an attacker to change the current user's question space or add them to the default space against their will.

Proof of Concept

  1. Access scoold demo at https://pro.scoold.com/ and log in
  2. Access this link https://pro.scoold.com/questions/space/scooldspace:google-analytics
  3. See that a new cookie, scoold-pro-space, is returned with a value that is the Base64 encoding of "scooldspace:google-analytics:Google Analytics", indicating that you have been added to the above space
  4. Access this link https://pro.scoold.com/questions/space/ and see that you are added back to the default space

Impact

This vulnerability is capable of CSRF
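
The pattern behind this report, as an added example that is not Scoold's code and not the change made in commit ee59dd: a model handler that switches the space on any request, beside a hardened one that only accepts a POST carrying a session-bound token. The handler names, the space table and the token scheme are assumptions; only the cookie name and its value format come from the report.

```python
import base64
import hmac
import secrets

COOKIE = "scoold-pro-space"  # cookie name taken from the report
# Constructed space table (id -> display name), for illustration only.
SPACES = {"scooldspace:google-analytics": "Google Analytics"}
PREFIX = "/questions/space/"


def space_cookie(space_id):
    """Base64 of "<id>:<name>" as the report describes; "" means default space."""
    if space_id not in SPACES:
        return ""
    raw = f"{space_id}:{SPACES[space_id]}"
    return base64.b64encode(raw.encode()).decode()


def vulnerable_handler(method, path, session, form=None):
    """Reported behaviour: any request, including a plain GET, changes state."""
    if not path.startswith(PREFIX):
        return 404, {}
    return 200, {COOKIE: space_cookie(path[len(PREFIX):])}


def new_csrf_token(session):
    """Bind a random token to the session; the site embeds it in its own forms."""
    session["csrf"] = secrets.token_urlsafe(32)
    return session["csrf"]


def hardened_handler(method, path, session, form=None):
    """Assumed mitigation: state changes need POST plus the session's token."""
    if not path.startswith(PREFIX):
        return 404, {}
    if method != "POST":
        return 405, {}  # GET stays free of side effects
    sent = (form or {}).get("csrf", "")
    expected = session.get("csrf", "")
    # Constant-time comparison; an empty or missing session token never matches.
    if not expected or not hmac.compare_digest(sent.encode(), expected.encode()):
        return 403, {}
    return 200, {COOKIE: space_cookie(path[len(PREFIX):])}
```

A cross-site page can make a browser issue the GET, but it cannot read the victim's session token, so the hardened handler rejects the forged request.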

We are processing your report and will contact the erudika/scoold team within 24 hours. 2 years ago
We have contacted a member of the erudika/scoold team and are waiting to hear back 2 years ago
We have sent a follow up to the erudika/scoold team. We will try again in 4 days. 2 years ago
Alex Bogdanovski validated this vulnerability 2 years ago
justinp09010 has been awarded the disclosure bounty
The fix bounty is now up for grabs
Alex Bogdanovski marked this as fixed with commit ee59dd 2 years ago
Alex Bogdanovski has been awarded the fix bounty